Update l2tp.sh

2024-10-12 20:40:25 +08:00
parent 7ec931a760
commit 31b5dd26fb
1 changed files with 118 additions and 21 deletions
--- a/l2tp.sh
+++ b/l2tp.sh
@@ -3,12 +3,62 @@
 # 退出时显示错误
 set -e
 # 颜色定义
 RED='\033[0;31m'
 GREEN='\033[0;32m'
 YELLOW='\033[1;33m'
 NC='\033[0m' # No Color
 # 函数定义
 print_info() {
    echo -e "${YELLOW}[INFO] $1${NC}"
 }
 print_success() {
    echo -e "${GREEN}[SUCCESS] $1${NC}"
 }
 print_error() {
    echo -e "${RED}[ERROR] $1${NC}"
 }
 check_service_status() {
    if systemctl is-active --quiet $1; then
        print_success "$1 服务正在运行"
    else
        print_error "$1 服务未运行"
        exit 1
    fi
 }
 # 检测系统类型
 if [ -f /etc/os-release ]; then
    . /etc/os-release
    OS=$NAME
 else
    print_error "无法检测操作系统类型，脚本可能无法正常工作。"
    exit 1
 fi
 print_info "检测到的操作系统: $OS"
 # 更新系统包列表
-apt update
+print_info "正在更新系统包列表..."
 if apt update; then
    print_success "系统包列表更新成功"
 else
    print_error "系统包列表更新失败"
    exit 1
 fi
 # 安装必要的软件包
-echo "正在安装 StrongSwan 和 xl2tpd..."
+print_info "正在安装 StrongSwan 和 xl2tpd..."
-DEBIAN_FRONTEND=noninteractive apt install -yq strongswan xl2tpd ppp
+if DEBIAN_FRONTEND=noninteractive apt install -yq strongswan strongswan-pki libcharon-extra-plugins xl2tpd ppp curl; then
    print_success "StrongSwan 和 xl2tpd 安装成功"
 else
    print_error "StrongSwan 和 xl2tpd 安装失败"
    exit 1
 fi
 # 随机生成用户名、密码和预共享密钥
 USERNAME="vpnuser_$(tr -dc A-Za-z0-9 </dev/urandom | head -c 6)"
@@ -16,10 +66,17 @@ PASSWORD="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)"
 PSK="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 20)"
 # 获取公网 IP
 print_info "正在获取公网 IP..."
 PUBLIC_IP=$(curl -s http://ipinfo.io/ip)
 if [ -z "$PUBLIC_IP" ]; then
    print_error "无法获取公网 IP"
    exit 1
 else
    print_success "成功获取公网 IP: $PUBLIC_IP"
 fi
 # 配置 StrongSwan
-echo "正在配置 StrongSwan..."
+print_info "正在配置 StrongSwan..."
 cat <<EOF > /etc/ipsec.conf
 config setup
    charondebug="ike 1, knl 1, cfg 0"
@@ -27,28 +84,31 @@ config setup
 conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
-    left=$PUBLIC_IP
+    left=%any
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpdaction=clear
    dpddelay=30s
    dpdtimeout=120s
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256!
 EOF
 print_success "StrongSwan 配置完成"
 # 设置预共享密钥
-echo "正在设置预共享密钥..."
+print_info "正在设置预共享密钥..."
 echo ": PSK \"$PSK\"" > /etc/ipsec.secrets
 print_success "预共享密钥设置完成"
 # 配置 xl2tpd
-echo "正在配置 xl2tpd..."
+print_info "正在配置 xl2tpd..."
 cat <<EOF > /etc/xl2tpd/xl2tpd.conf
 [global]
 port = 1701
@@ -64,9 +124,10 @@ ppp debug = yes
 pppoptfile = /etc/ppp/options.xl2tpd
 length bit = yes
 EOF
 print_success "xl2tpd 配置完成"
 # 配置 PPP 选项
-echo "正在配置 PPP 选项..."
+print_info "正在配置 PPP 选项..."
 cat <<EOF > /etc/ppp/options.xl2tpd
 ipcp-accept-local
 ipcp-accept-remote
@@ -81,20 +142,28 @@ lcp-echo-failure 4
 lcp-echo-interval 30
 connect-delay 5000
 EOF
 print_success "PPP 选项配置完成"
 # 添加 VPN 用户
 print_info "正在添加 VPN 用户..."
 echo "$USERNAME * $PASSWORD *" > /etc/ppp/chap-secrets
 print_success "VPN 用户添加完成"
 # 配置 IP 转发
-echo "正在配置 IP 转发..."
+print_info "正在配置 IP 转发..."
 echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/60-vpn-forward.conf
 sysctl -p /etc/sysctl.d/60-vpn-forward.conf
 print_success "IP 转发配置完成"
 # 配置 NAT
-iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
+print_info "正在配置 NAT..."
 DEFAULT_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)' | head -1)
 iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o $DEFAULT_IFACE -j MASQUERADE
 iptables-save > /etc/iptables.rules
 print_success "NAT 配置完成"
 # 创建一个服务来在启动时恢复 iptables 规则
 print_info "正在创建 iptables 恢复服务..."
 cat <<EOF > /etc/systemd/system/iptables-restore.service
 [Unit]
 Description=Restore iptables rules
@@ -107,20 +176,48 @@ ExecStart=/sbin/iptables-restore /etc/iptables.rules
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable iptables-restore
 print_success "iptables 恢复服务创建完成"
 # 重启并启用服务
-echo "正在重启并启用服务..."
+print_info "正在重启并启用服务..."
 if [[ "$OS" == *"Ubuntu"* ]]; then
    systemctl restart strongswan
 systemctl restart xl2tpd
    systemctl enable strongswan
 elif [[ "$OS" == *"Debian"* ]]; then
    systemctl restart strongswan-starter
    systemctl enable strongswan-starter
 else
    print_info "未知的操作系统，尝试重启 strongswan 服务..."
    systemctl restart strongswan || systemctl restart strongswan-starter
    systemctl enable strongswan || systemctl enable strongswan-starter
 fi
 systemctl restart xl2tpd
 systemctl enable xl2tpd
 # 检查服务状态
 if [[ "$OS" == *"Ubuntu"* ]]; then
    check_service_status "strongswan"
 elif [[ "$OS" == *"Debian"* ]]; then
    check_service_status "strongswan-starter"
 else
    if systemctl is-active --quiet strongswan; then
        check_service_status "strongswan"
    elif systemctl is-active --quiet strongswan-starter; then
        check_service_status "strongswan-starter"
    else
        print_error "strongSwan 服务未运行"
        exit 1
    fi
 fi
 check_service_status "xl2tpd"
 # 输出连接信息
-echo "L2TP/IPSec VPN 安装和配置完成！"
+print_success "L2TP/IPSec VPN 安装和配置完成！"
-echo "请使用以下信息进行连接："
+echo -e "${GREEN}请使用以下信息进行连接：${NC}"
-echo "服务器地址: $PUBLIC_IP"
+echo -e "${GREEN}服务器地址: $PUBLIC_IP${NC}"
-echo "用户名: $USERNAME"
+echo -e "${GREEN}用户名: $USERNAME${NC}"
-echo "密码: $PASSWORD"
+echo -e "${GREEN}密码: $PASSWORD${NC}"
-echo "预共享密钥: $PSK"
+echo -e "${GREEN}预共享密钥: $PSK${NC}"